Title :
An Architectural Approach to Preventing Code Injection Attacks
Author :
Riley, Ryan ; Jiang, Xuxian ; Xu, Dongyan
Author_Institution :
Purdue Univ., West Lafayette
Abstract :
Code injection attacks, despite being well researched, continue to be a problem today. Modern architectural solutions such as the NX-bit and PaX have been useful in limiting the attacks, however they enforce program layout restrictions and can often times still be circumvented by a determined attacker. We propose a change to the memory architecture of modern processors that addresses the code injection problem at its very root by virtually splitting memory into code memory and data memory such that a processor will never be able to fetch injected code for execution. This virtual split memory system can be implemented as a software only patch to an operating system, and can be used to supplement existing schemes for improved protection. Our experimental results show the system is effective in preventing a wide range of code injection attacks while incurring acceptable overhead.
Keywords :
memory architecture; security of data; code injection attacks; code injection problem; data memory; memory architecture; modern processors; program layout restrictions; virtual split memory system; Arm; Computer architecture; Gain control; Memory architecture; Operating systems; Protection; Software performance; Code Injection; Secure Memory Architecture;
Conference_Titel :
Dependable Systems and Networks, 2007. DSN '07. 37th Annual IEEE/IFIP International Conference on
Conference_Location :
Edinburgh
Print_ISBN :
0-7695-2855-4
DOI :
10.1109/DSN.2007.13
